Bug Found in Apple’s Safari BrowserAs per Jeremiah Grossman, Chief Technology Officer of computer security company 'WhiteHat Security,' a bug has been discovered in Apple's Safari web browser that enables websites to extract private details from visitors, as per the reports by INDYPOSTED on July 22, 2010. The bug exploits Safari's auto-fill feature, enabling websites to scrape details such as name, email address, contact number, place of work of the person who uses the system. This stolen detail is generally stored in Mac users' digital address book. Grossman claimed that for secretly extracting Address Book card data from Safari, a harmful website made form containing text fields using the above mentioned names, perhaps unnoticeably, and then replicate A-Z keystroke events using JavaScript, as per the reports by AppleInsider on July 22, 2010. Later, the detail is automatically sent to the hacker so that it could be sold to spammers and thus misused. The security experts state that this attack can also be leveraged to execute multistage attacks which include email spam, stalking, phishing, and even blackmailing, if a netizen is de-anonymized while viewing objectionable online content. It is not only harmful sites user should be careful, but also websites that get hacked into to add the harmful code or even an iframe from a crooked advertiser. Further, the security experts claim that such attacks could be easily circulated on massive scale with the help of advertising network where no one would ever notice because it is not exploit code created to deliver rootkit payload. Moreover, Grossman informed that he had reported Apple twice about the error but they just sent a mail auto-response, as per the news by ZDNet on July 22, 2010. On the other hand, an Apple representative states that they take security and privacy issues quite seriously. They know about the issue and are working on it, as per the reports by cnet on July 22, 2010. Security experts have suggested a simple way to protect against the harmful exploitation of Safari's AutoFill feature. User can easily disable the "Using info from my Address Book" option from the AutoFill preference pane. Related article: Bugs Swell In Browsers in 2006 » SPAMfighter News - 8/4/2010 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
